Brocade Fabric OS Administrator's Guide Supporting Fabric OS v6.3.0 (53-1001336-02, November 2009)

The authentication model using RADIUS and LDAP
Setting the switch authentication mode
1. Connect to the switch and log in using an account assigned to the admin role.
2. Enter the aaaConfig --authspec command.
Fabric OS user accounts
RADIUS and LDAP servers allow you to set up user accounts by their true network-wide identity rather than by the account names created on a Fabric OS switch. With each account name, assign the appropriate switch access roles. For LDAP servers, you can use the ldapCfg --maprole <ldap_role name> <switch_role> command to map an LDAP server role to one of the default roles available on a switch.

RADIUS and LDAP support all the defined RBAC roles described in Table 8 on page 74.

Users must enter their assigned RADIUS or LDAP account name and password when logging in to a switch that has been configured with RADIUS or LDAP. After the RADIUS or LDAP server authenticates a user, it responds with the assigned switch role in a Brocade Vendor-Specific Attribute (VSA). If the response does not have a VSA role assignment, the User role is assigned. If no Administrative Domain is assigned, then the user is assigned to the default Admin Domain AD0.
TABLE 13 Authentication configuration options (Continued)

Columns: aaaConfig options; Description; Equivalent setting in Fabric OS v5.1.0 and earlier (--radius; --switchdb (1)).

aaaConfig options: --authspec "radius;local" --backup
Description: Authenticates management connections against any RADIUS databases. If RADIUS fails because the service is not available, it then authenticates against the local user database. The --backup option directs the service to try the secondary authentication database only if the primary authentication database is not available.
Equivalent setting in Fabric OS v5.1.0 and earlier: --radius On; --switchdb (1) On

aaaConfig options: --authspec "ldap"
Description: Authenticates management connections against any LDAP databases only. If LDAP service is not available or the credentials do not match, the login fails.
Equivalent setting in Fabric OS v5.1.0 and earlier: --radius n/a; --switchdb (1) n/a

aaaConfig options: --authspec "ldap; local"
Description: Authenticates management connections against any LDAP databases first. If LDAP fails for any reason, it then authenticates against the local user database.
Equivalent setting in Fabric OS v5.1.0 and earlier: --radius n/a; --switchdb (1) On

aaaConfig options: --authspec "ldap; local" --backup
Description: Authenticates management connections against any LDAP databases first. If LDAP fails for any reason, it then authenticates against the local user database. The --backup option states to try the secondary authentication database only if the primary authentication database is not available.
Equivalent setting in Fabric OS v5.1.0 and earlier: --radius n/a; --switchdb (1) On

1. Fabric OS v5.1.0 and earlier aaaConfig --switchdb <on | off> setting.
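The fallback rules in Table 13 (without --backup any failure of the primary database falls through to the next one; with --backup only an unavailable primary falls through) and the VSA defaults described under "Fabric OS user accounts" (User role when no VSA role is returned, AD0 when no Administrative Domain is returned) are easy to misread, so here is an added Python model of that decision logic. It is not Brocade code and does not talk to a switch: the database callables, the account data, and the attribute names "role" and "admin_domain" are constructed stand-ins for the real RADIUS/LDAP/local databases and the Brocade VSA.

```python
"""Model of Fabric OS aaaConfig --authspec fallback semantics.

Added illustration, not Brocade code. Each authentication database is a
callable (user, password) -> (status, attrs), where attrs stands in for the
role/Admin Domain values a RADIUS or LDAP server would return in a VSA.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

AUTH_OK = "ok"
AUTH_REJECT = "reject"       # server reachable, credentials do not match
UNAVAILABLE = "unavailable"  # service not available

DEFAULT_ROLE = "user"        # assigned when the response carries no VSA role
DEFAULT_AD = "AD0"           # assigned when no Administrative Domain is given

Database = Callable[[str, str], Tuple[str, Dict[str, str]]]


@dataclass
class LoginResult:
    success: bool
    source: Optional[str] = None   # database that accepted the login
    role: str = DEFAULT_ROLE
    admin_domain: str = DEFAULT_AD
    reason: str = ""


def parse_authspec(spec: str) -> List[str]:
    """Turn 'ldap; local' into ['ldap', 'local'] (whitespace tolerated)."""
    return [p.strip().lower() for p in spec.split(";") if p.strip()]


def authenticate(spec: str, backup: bool, user: str, password: str,
                 databases: Dict[str, Database]) -> LoginResult:
    """Walk the databases in --authspec order.

    Without --backup: any failure of a database (unavailable OR rejected
    credentials) falls through to the next one.
    With --backup: only UNAVAILABLE falls through; a rejection is final.
    """
    for name in parse_authspec(spec):
        status, attrs = databases[name](user, password)
        if status == AUTH_OK:
            # Role and Admin Domain come from the server's VSA;
            # the documented defaults apply when they are absent.
            return LoginResult(True, name,
                               attrs.get("role", DEFAULT_ROLE),
                               attrs.get("admin_domain", DEFAULT_AD))
        if status == AUTH_REJECT and backup:
            return LoginResult(False, reason=f"{name} rejected credentials; "
                               "--backup prevents fallback")
        # UNAVAILABLE, or AUTH_REJECT without --backup: try the next database
    return LoginResult(False, reason="no database accepted the login")


def make_database(accounts: Dict[str, Tuple[str, Dict[str, str]]],
                  available: bool = True) -> Database:
    """Constructed stand-in for a RADIUS, LDAP or local user database.
    accounts maps user -> (password, attrs)."""
    def lookup(user: str, password: str) -> Tuple[str, Dict[str, str]]:
        if not available:
            return UNAVAILABLE, {}
        entry = accounts.get(user)
        if entry is not None and entry[0] == password:
            return AUTH_OK, entry[1]
        return AUTH_REJECT, {}
    return lookup


# Constructed sample data: an LDAP account whose VSA carries a role and an
# Admin Domain, the same LDAP server when down, and a local account with a
# different password and no VSA attributes.
LDAP_UP = make_database({"alice": ("ldap-pw", {"role": "admin", "admin_domain": "AD1"})})
LDAP_DOWN = make_database({}, available=False)
LOCAL = make_database({"alice": ("local-pw", {})})


if __name__ == "__main__":
    dbs = {"ldap": LDAP_UP, "local": LOCAL}
    # Table 13, "ldap; local": LDAP rejects, login falls through to local.
    print(authenticate("ldap; local", False, "alice", "local-pw", dbs))
    # Table 13, "ldap; local" --backup: LDAP is up and rejects, login fails.
    print(authenticate("ldap; local", True, "alice", "local-pw", dbs))
    # Same --backup spec with LDAP down: local database is consulted.
    print(authenticate("ldap; local", True, "alice", "local-pw",
                       {"ldap": LDAP_DOWN, "local": LOCAL}))
```

The two "ldap; local" runs show the point a defender cares about: without --backup a password rejected by LDAP is retried against the local database, so local accounts stay reachable even while LDAP is healthy; with --backup the local database is consulted only when the primary is unavailable, and the LDAP server's own verdict on the credentials is final.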